WordPress 4.9.1 Security and Maintenance Release

WordPress4.9.1 is now available. This isa security and maintenance release for all versions since WordPress3.7.WordPress versions 4.9 and earlier are affected by 4 security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team's ongoing commitment to security hardening, the following fixes have been implemented in 4.9.1:

Use a properly generated hash for the newbloguser key instead of a determinate substring.

Add escaping to the language attributes used on HTML elements.

Ensure the attributes of enclosures are correctly escaped in RSS and Atom feeds.

Remove the ability to upload JavaScript files for users who do not have the unfiltered_html capability.

A small number of bugs have been identified which are impactful enough that the core team has decided to release 4.9.1 with fixes for those issues. Particularly of note were:

Issues relating to the caching of theme template files.

A MediaElement JavaScript error preventing users of certain languages from being able to upload media files.

The inability to edit theme and plugin files on Windows-based servers.

ASK US ANYTHING WORDPRESS RELATED: We can offer you confidently, SEVERAL OPTIONS to choose which one suits your needs better.

Related Posts

”We sell WordPress as “easy” and it is easy to a point... The expectation is that everything is that simple. However, behind the WordPress dashboard are PHP, CSS, and JavaScript code files that connect to a MySQL database.” Code Poet ~ Locking Down WordPress What are the disadvantages of upgrading...

At your next scheduled WordPress Maintenance, be advised for your WordPress protection about the latest vulnerabilities in WordPress plugins identified and reported publicly this month: Open Graph for Facebook, Google+ and Twitter Card Tags Unauthenticated Cross-Site Scripting (XSS) reported by Thomas Chauchefoin. The software does not neutralize or incorrectly neutralizes...

30sec WordPress Services Case Study: Everything Wrong With all MODERN websites 12 fails with examples + analysis + tips on HOW TO SOLVE THEM Mocking modern times online's presence and current digital trends is not extremely difficult, considering the sheer number of existing websites. Even if we're talking about more...

HO! HO! HOpe You’re Up For The HOlidays! WP Services can prevent disasters. “We do not see things as they are. We see things as we are.” — Rabbi Shemuel ben Nachmani This does not suggest that bad things will OR won't happen to you; it merely means that...

WP Security bulletin - NOVEMBER 2018 At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 3 vulnerabilities in WordPress themes identified and reported publicly during. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins - your risking serious...

Constant Data Breaches expected throughout 2019 2018 Was Second-Most Active Year for Information Data Breaches. Hacking by external actors triggered most security breaches, however, Web invasions and exposures compromised more records. More than 6,500 security breaches were reported in 2018, according to a brand-new report from Risk Based Security shows....

WordPress sites are notoriously lacking when it comes to security. Be it due to an insufficient security expertise of the developer, or the use of one of the many FREE plugins available (of which the security cannot be guaranteed). With WordPress running on 1 in 5 sites on the internet,...

We are very excited to share with you more information on our new releases: owl KEYRA now has a LOCALE overview, for both mobile keyword monitoring and desktop keyword monitoring, as a dedicated tab, for each customer. We think you're going to be very pleased with the new statistics. owl...

WordPress 4.9.7 is now available. This is a privacy and maintenance release, that fixes 17 bugs. We encourage you to update your sites to take advantage of the new privacy features. From the WordPress 4.9.7 release post, WordPress versions 4.9.6 and earlier (​detailed in our post​​ here: 2 WORDPRESS CORE VULNERABILITIES...

2019 Trends for WordPress Services & WP owners We created this curated list of trends in 2019 for WordPress Services. Use this information and gain valuable insights; use it for your own advantage and your business in the next year. SummaryArticle Name 2019 Trends for WordPress Services &...

WP Security bulletin - DECEMBER 2018 At your next scheduled WordPress Maintenance, be advised for your WP Security about the latest 17 vulnerabilities in WordPress plugins identified and reported publicly. As these vulnerabilities are disclosed, when you use one (or more) of these outdated plugins - your risking serious WordPress...